Skills
skills/pjt222/development-guides/investigate-capa-root-cause/Gen Agent Trust Hub

investigate-capa-root-cause

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill provides comprehensive instructional content and markdown templates for root cause analysis and CAPA management. No malicious instructions, obfuscation, or hardcoded credentials were detected in the content or metadata.
  • [COMMAND_EXECUTION]: The skill requests the Bash tool in its allowed-tools list. Although no specific scripts are included in the skill, this tool grants the agent the ability to execute shell commands during investigations (e.g., using Grep or Glob on system logs). This capability is appropriate for the skill's purpose but contributes to the potential impact of data-driven attacks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data within a high-capability environment.
  • Ingestion points: The skill processes external data defined in the Inputs section, including 'Description of the deviation', 'Evidence', and 'System logs' (SKILL.md).
  • Boundary markers: The provided templates do not use specific delimiters or instructions to treat external data as untrusted content.
  • Capability inventory: The skill has access to the Read, Write, Edit, Bash, Grep, and Glob tools (SKILL.md).
  • Sanitization: No explicit sanitization, validation, or escaping logic is present in the skill to handle external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 07:14 AM